16 comment

1. THANKS A MILLION, MAY GOD BLEEEEEEEEEESSSSSSSSSSSSSSSSSSSS YOU.
   YOU JUST SAVED MY LIFE.

   MY HOSTING SERVER’S SSH WAS UNINSTALLED BY MISTAKE AND YOU JUST MADE THE SOLUTION CHEAP

   THANKS AGAIN

2. Thanks very much for this info.
   This is very helpful.

   God bless you guys.

3. There are a couple/few things I don’t get…
   e.g. for

   Make sure port 22 is opened:
   # netstat -tulpn | grep :22

   What are we *supposed* to see if port 22 *is* opened?

   And for

   Add the line
   -A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT

   add it *where*???
   In the :INPUT ACCEPT section?
   in the :OUTPUT ACCEPT section?
   after :COMMIT?

   No matter which line I put it on, when I restart the iptables service I get a red [FAILED] message for that line#.

   And then you change the SSH port to 1235 but don’t revisit iptables?

   What am I missing here?

   :-)

4. Thanks a lot!

   Only change :

   -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state –state NEW -p tcp –dport 22 -j ACCEPT

   TO

   -A INPUT -s 192.168.1.0/24 -m state –state NEW -p tcp –dport 22 -j ACCEPT

   1. thx a lot

5. Thanks a ton this info really very helpful for me.

   Peace,
   Kuldeep

6. So,
   Make sure port 22 is opened:
   # netstat -tulpn | grep :22

   What are we *supposed* to see if port 22 *is* open?

   Thanks.

   1. If sshd is running. you would expect to see something like:

      # netstat -plunt | grep :22
      tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 70813/sshd
      tcp 0 0 :::22 :::* LISTEN 70813/sshd
      #

      If you do not get any output where the IP/port part ends in :22, then you have nothing listening on port 22 (the standard ssh port).

      Regards,

7. God bliss you.
   Simple way & perfect results.

8. Hi,
   Some thing is wrong.
   Please help resolve it.
   The line 13 is this:
   -A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT

   Now when is restart iptables i get this error.

   # service iptables restart
   iptables: Flushing firewall rules: [ OK ]
   iptables: Setting chains to policy ACCEPT: filter [ OK ]
   iptables: Unloading modules: [ OK ]
   iptables: Applying firewall rules: iptables-restore: line 13 failed [FAILED]

9. change like this it will work…

   -A INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT

10. You missed something important: If you alter SSH Port, your iptables line –dport needs to be the same as the port you specified, not 22!

    So, if you set: Port 234, then your IP tables entry would be this:
    -A INPUT -m state –state NEW -m tcp -p tcp –dport 234 -j ACCEPT

    To verify your PROPER port is open, the command also needs to reflect the port you altered: netstat -tulpn | grep :234

    Your results should look like this:
    tcp 0 0 0.0.0.0:234 0.0.0.0:* LISTEN 26873/sshd
    tcp 0 0 :::234 :::* LISTEN 26873/sshd

    The author should not have suggested changing the port without explaining that the commands and IPTables entries would necessitate being altered as well.

    1. I should have read this comment about 30 minutes ago… lol I was however, able to figure it out on my own. I guess that’s a good thing. :o)

11. Thank you so MUCH!
    This actually worked.
    You are a blessing!

12. Thanks!!!

13. Any changes to iptables *** must *** be on lines above COMMIT, which is found at the end of the file.
    Before adding the port (eg 22), do a search to see if it already exists:
    nano iptables
    Ctrl W to invoke search
    type: dport 22

    Still, have a question? Get help on our forum!